Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Oracle Spearheads Data Management Standards Effort



 By: Matt Hines
2006-11-29
Article Rating:starstarstarstarstar / 0


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
By centralizing management of personally identifiable information outside of corporate applications, the company maintains that businesses can ease the burden of handling sensitive customer data.

Oracle is aiming to help companies improve their ability to manage and protect sensitive customer information with a new initiative that encourages businesses to isolate such data outside of individual IT applications.

The company introduced the project, called the Identity Governance Framework, or IGF, on Nov. 29, and said it specifically seeks to aid companies in handling sensitive identity-related employee, customer and partner information as it flows across heterogeneous applications.

If businesses pull such information out of their IT systems and enterprise applications and store the data in more centralized repositories, they will be much less likely to suffer the breaches that have left many companies fighting to defend their reputations after high-profile incidents where sensitive records have been lost or mishandled, Oracle officials said.

At the heart of the IGF standards initiative is a list of technological guidelines meant to help companies establish "contracts" between their applications and repositories of sensitive information, including four software components already endorsed by Oracles partners in the effort, which include Sun Microsystems, Novell, Ping Identity and Securent. Other technology providers considering participation in the program include BEA Systems, IBM and SAP, Oracle officials said.

Oracle executives said that the company decided to launch the effort as it considered the challenges it faces in finding ways to help its own customers manage the flow of sensitive information across its various database and enterprise applications. The initiative was specifically touched off by the work Oracle is doing to help protect such data in its next-generation Fusion enterprise software.

Resource Library:

The standards proposed by IGF are meant to complement other data governance policies being drafted by groups including the Higgins Project, Liberty Alliance and OASIS, and the database giant is hopeful that one of those industry groups will decide to sponsor its work, said Amit Jasuja, vice president of development for security and identity management at Oracle, in Redwood Shores, Calif.

"The reason we look at these types of standards as a sound approach in handling identifying information is we understand the need for our products to coexist in every company with software from lots of different players," Jasuja said. "Today companies are struggling to find ways to better manage information across different directories and development environments to try and approach this problem more effectively; theres been improvement over the last year, but we saw areas where we felt there was more work that could be done to help customers fight the underlying issue of identity theft."

Companies should look closely at how they manage their databases to make the compliance auditing process less painful and more cost-effective, analysts say. Click here to read more.

The initial IGF standards proposed by the group include CARML (Client Attribute Requirement Markup Language), an XML-based programming technique that consists of a so-called contract defined by application developers to inform IT workers about the usage requirements of an application related to sensitive data. Another element, the AAPML (Attribute Authority Policy Markup Language), consists of a set of policy rules for managing the use of identity-related information from a repository that allow the database to specify parameters regarding the use of information by other applications.

The initiative has also proposed an API meant to make it easier for software developers to build programs in a manner that conforms with policies regarding the use of sensitive data, along with an Identity Service, which is supposed to help developers create standardized methods for sourcing identity-related data from multiple repositories.

Jasuja said that most of Oracles customers admit that they only know that 25 percent of their sensitive data is stored where it is adequately protected, while the remainder of the information is distributed throughout many different applications and repositories. If the information can be pulled out of those applications and placed within the boundaries of a more strict data governance framework such as that proposed via IGF, businesses ability to defend their most valuable customer information will be greatly enhanced, he said.

"Companies need to ensure that they have the appropriate controls in place over all identifying data; they need to ask themselves where the information is stored, how it is used, and whether it is in compliance with all the necessary regulations and privacy issues for their respective industries," Jasuja said. "Were talking about a fairly significant way of reformatting the manner in which people deal with this sort of data that gets into development, policy and management of enterprise applications."

Oracle officials said that even longtime rival Microsoft is mulling the proposed standards over, and the database company hopes its competitor is willing to join the effort. Microsofts Active Directory software lies at the bottom of many businesses existing records-management strategies, which would make the companys participation in IGF that much more important, said Jasuja.

Some of Oracles partners in the effort have already begun advocating for IGF to marry its work with specific standards groups.

"The direction which the IGF is heading is positive," Don Bowen, director of Identity Integration for Sun Microsystems, said in a statement. "Sun supports its submission to a standards body and thinks the Liberty Alliance may be best, as it is a natural and essential evolution of the work already done within that organization."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.



  Reader Comments: Oracle Spearheads Data Management Standards Effort
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Matt Hines
 


xv VQfG)^tR/ٖmؖn3sERc&)|yOt%_L;i["P ;?;;rᨺiɥ,䧎> 3MAh{>PP`%92t<9)G4ò|WRUu=Zn4 /kYO{/W{j" xL s< J9yќcoW|¥0(.ڶNQ6*֠OU7-1qH$[=$?HDeuַQX}؁_ =2tS6BdKd/B(?F#"as?C߭adv^y4 {U;nr;P;U)yaUh/@Z%\DȁRz$~ rN7w#"5IRZ@[ 4Ha`Ws,ǃɩT* kQ3#ujZ3Uk-gc=ױ}3t3Ï ,C$nu8DrHn6, шr91gO?L ܅N؎m,ܪa?WuomjVujwcϙ!y$.*.bcM λ&>0A74Sӱag9ˡ(zAwf4 uWWr@IRX-UA_yxx(<ꟈ/U}s}I}|~ti"|#% WPAbPJe+gxojZtܞܾ\rvN=rڽ!'OvI31+?f'*?oG_C"[Ccؚ`#jA}@b{|&޺xt9&9AoǢx?!//!}O}jb*GrI/o,oG%$,聞M|`nmdʰ(|Orn9C;L}ƊNmPuRƒ_Fp-Alo K(Hk~$M }Nٌ2od$e ~PXtBFͨ4r.KR)""x䞓3 E4>BzBp4:AEATic6riMLrӇtu@ο wFn]='tfo7,Aχ@)`IO l":v|3c)м7L΃݁27CF{P>X^0O`^@Z3.ppzi?0DSgw,ߣ9#z[WMKxg3 ƣk0$"J}#>] #0HQtuNt"BђFe 4  gs#X"C"'Gs [NX;.˥\.S=ry . g r\B;7քR z)0 eZRiMV-&x6r"e.G@7Kᅖ&Z1oY*IuE9SHzڣ==˚hfZ:i [N@NT0)jHL\U}GeybLAsǞ,:4ĞNP =Ǻ7  +ZsFt>xFzoS'tsjڰ`ڄDWjP6~M@-#D ڛ8vVu]49SA8vc| k2ZE'6`FTUMRIZvI2(|,& LqΰreB&k*H(XSb.yrp V֌M'WV{HUWIVT$V3Q0P{ L`L Ġ3BZQOs\e:[[%7˺E;Ҵ.\.Z!d[}aa6E^Q^RKPD@BB(kӲ=2Py62&CInPx{8Ok=0ˊXE[HenjeERK; A#X3Q_肉riz6<;.`CϱȧKs='5ıw@~P93=Q,C,8c0U]" akT(rMNaԹOۢp=Z:q,XO@{sUrqXk0읶ׅ]%/_(ͧ76av}*9J!6#{P}ӚCˈ(-JY*rycl q,YXTȱ,!1}2lU{NPOK.KӞ#:$C[̈́AU 88qxS0UUX(Ǝ8 [fuVVa0\h}є˘34|q֣qƖ!HנRQ* xHmf7TOc_Ό"ak"A4b:XXt> J+b$8$ :d:$ަW݁RI*,C$#]\V`QaJ]4FX\eHЮ$#s@*OF(/> (.+Nr \ݠ 'KG=ih|g_څ583s;ϖM ?Ri#%c(ryDXYEjԻ3e(bՈ}BGcA=,]QiRZ91; `{e\>RRjELRG ?gcqmD A@ZC臩֠m/ T=eښuN"XKCRD 54j;OGw Tj/6h)hS!b hezoՆayϤpx=xl93@NQMGF R,[5^-093VH]'tNd_:&F}Q@ ϳG.+J91/ NID_D|ւukl[7`MKG_;(X#ڣ׃#>R+bJb֍G6~ z&zi0bNw x fΔp|lh e {~L>sXQ]zU'-bZe)!~aC'E/:ha~%3-ܛх`,@N|g@a>wR9(fK'2)_t̖[/]^|aT%Q讻h]Ah1uekfaI3N%`{IO$# JENځ,SjR"i/.;sU_w{~{uH(Dмur<{>ԸGZ@MC~:W'_IN`MՉйlp-:%xi&@)ppӽW'!}Wԁ{%%usu&ܰwhg~Aqy!@@W~ùlݜutvN.:Wm!^{z2W#Np'Bh]tήi G^9hnϛM>k&05hH<!h`&z)kR_K}Èb+I*D|d_gHܠ *V_;Z_a*,$"0 I5cZg>$91@%+JFtzё`{my& |d _RJpI$Q#=)#SYI{bDg"G0ί0[J㷒o˘IGD}_q-5'=?U[k't>>!4|fcYQuppZ 0Xc|.A-H7ԾJ=$S ;DZ30qʣhhw^gh9[R> r&xf"64@OlOq/ +xaESrkW~vh?yXT5mbtUOZ i]}&GmЯ>( I-н6 .5ՅO>O4dX 'FVe5bOf0{?BI턟isCTΑ$ؘ$Ⴄ JAVP*,2(vȔN Hƣ|oڗ`@7COҁy&-3(l#{Zڝ:=Dɥn~i:T xBo~R=ܰwߵ}*=oӧ<--RcCqEkEwWU T⒏7"E;#ڬ/Ι x < v4.߮^ "B;BJ ½,M#G?[Fn3db܆~@F FZXW+2?_7c#ޚU>=d;Ի%RL!O 獐xkCQohxNȂnIC,եߡC<ɉclx]oOL 8<G׆g`İRI" LT vlSGxzzBu1Vr|y ;}c<5t%M(!ӲX6&!O̙>ӑ9%h%D"1vc1w l܂cו Ux $mdsr^ HJa<嚔9&t/΀Р]{l0;_B4*&=ϝ,&'ĤTe@g3pjJcv'!Wux;wZL C}V&aQ@A7Z鼊wqjX*TlHɒ+vkH\+RCym"[8Soό\s' w`Gv\*˥ M!;$=OH4؊}O(|BO8tFFDZ b"JMZDJӞz‰qoXpN ufk:/ޙIyڠO]#Z (b =A$ 0$%WAo4n{Jhgֵp #I_ã!Jr%3#h50s~]Uދ`a7=5kQ4%;SwF3w..#|t,^x/A7SİA]P2{APDP U٫'̳|[ ʦ$Xy-o `-K8m@o`$?̻3qX6*>P䊒)8LZiO E/o WDoXn3^zKX}+R}~FG&iYJJ 8Tr8-Q~77fkp!w5e\ͱz :űys;%L,>̞i穕zÂJeLz#1Ye/3ԩЛۆ7 j ]aҘ.u'䚢H qc<'zf6pε@x -zh+1" +`P6[iKMQ,3AO59h */evM|A.ʥJe NRNu>ZL/xܣnP_9B_ؐ0_JhKmSSz9+F]9K=k8tA,똺lUg֫N?Ve OT},ƾi&`uZ ge D:$AxA=>d_8믍֍Fܢ{27\hWNOpF\Wg;#-X*t@04_Բ91o-]p6 GOZwG7)Z$Ջ=!4lU$ 󛆏g؂_if-eډ5)V(R) 5V)e2/Jf5Lh` fVD,1. эǜ-L&;\'|O/Ul/<=qYEVLƖe-/IO*,qh-{8Sw@.^h <&# nL9tgC.T{P Q\>#DdFiFwG#S3OL~q<Ā&$ ƈ16,6M$Ae Ѓ5T?0KW`7yBG&ꉭoh}exxJ<̍r[TM&ZGVpgo¨`*ؘp(WR#=hpt9ڀkcEl~0hTLv O7{nԥ7?=/VN9ǂ"B=X-G*>IoH{]U# `xKf&nzhu.Uw7= dP^HO:}GT 09]dl{t$ ./]A=3 ޭ1,W:q~h c6drd*]WGpgA1S4,~۟ozҁDCTw2ȏah 3y[xŤ  4Q?3MG' 4A! ^C. Q?9ƪU0 }frŬdw9&Fh]__|&"76}<t9j_tooWj[u{{sվ\sSM·߲ ueP0mw %U벝cTNG˰LsªX]d1xixɎ*bh,.6YCU{,;'0ūlyޗ1o:(6񏩑MSp :Oxs3o_M;zy7~V Cc#Wēaɐ ``a׾hIk&5{+>ۺr(((-he\/3 /~/3{ %2c@y yAȣW2ϡ<_PK((ʘ+ ʘ..ȟn|fȗk 3޿ɠ11>_?@/?}}̠OP))c|2w Y@{ f wAI]'z[|ֺƅ)QFy9<ʠrEU৬rXB]f@yVD=^bMxE,D<mctslEB`T7'%YØܻ Gz‰n} '?hĻ/L ٞ܃~en7}fn_qTC0Okr>u'xvgY^]Y\;Yo-P.CIkgewೠفg:?O i-Jaġ_]͇j>|-C/ڏ >赏?tkҾj] [gmОMERACGӠS7UQ !Pi}GQ+"D74\O9GK ;wcX{:^j<} =sΘ^AᑡD L`FdE%QIPJE:(QPफ़h[ٞiRoR` YZi8an%[C{$~@x 7x:x_,mBfPhz|yF ڎy@&7 J,5w;SِD@.ދ3L뜶|L:AÆo/XbKZ;c`\;o=2gj Y |y0\9Kh `z4}z<8VA)TI||30ՃoRu 09qhJ/.ӡxCKQ,V4 Dm/ta5j33;f%cD"$Q#Eblyѻ dާuX5SGHxxaw.. ]C? 5s(+&- mtBy-LHZ~vu_RŒk4f]&"FokzN Q)IdƠ}փhD#iZ#XYNƄ_֌/Y݈88O3Hu{ZVmHn>Y ^>%lZmgrnCk[Wvu;L]j'ϟV3l'kcM%\*DTx=-'N"M{aџ<+ug 0MD+fAl!п|aڳGz ^(yCM3%Dď&~2Ik.}x>J߫BI=؉߁9n:A{9L9 L}T.q 5" "HH"3{Fl%;Vߜs7QH ׼9}6h@o-9kknEҫ. Ec7l^U(z1̸:tɣR(xK%#qkGhn DZxY{6D/j feyU(p6d+z1ĸ7,Ŝz L @\o)%:TunzDhcV.0mefӧZ7-[@5E`0v`e L/,zAn0$ /1-i?ׁ u]!HnNvG9D 7>6'l4=l}π hsCQ%` =՛-Hˍt_$% \#d,l4 @FWDP;"6ZƏYF hWa!*e;6K((Xp^gAt=isw6E}w2\Gx kyf7W<2Y%Q;Z?Y m-)+8~m=uVږ*rcKd+{f:ePEXl+ᠢKWe5`/9JH]S(|9n8hՆGO0ޏZwPl@ xS b OGm;qS利6r+l XE2[¶,:q` {m;Q=k{+lk[ȁnaTxOq;u[__38ZP|6, l0/>SsϏp`2u^='8K c.'XI@ qj.-wvua44Lb9"[^QI(``жX33},@a)5ӌBO7 4wRaL c[и<6v,S3aϢy9v93E~c]>8Vlw;k+Fр7H>Y{PE<1s1GN g5zk|iK}&ı`=br8Lte4QS|J)Mm)G3 τ i=#hxbnHhQ ddzkI  >dS1C'@j0\|1O d9[H^مT*Ƶx CG4$} bYx Tf}/)Z/π.ȟU --@V$o@"ʞ 4vqO8O}C;ٍK(u?i1eOh̎2 $ŮkEml C5 ɂk}WP7VtRGsFnRDsQ̱˺asai_)Z9TMTȨߣ{ ^;=1#;4K}ʰY"Й;%IS`\oB~+Ԥȴ@N]^Ԩ8`~6itf*ތ>ÅyxA\ Қx]PE%z?}8HߔV)oaQb:z9h O+14+Ȩ}xH2A %z;P< %۰n=l/:-a3KuLh Ppkf8 <- >5dZ^Ok.@3G y0Pqh,Lgkt&`}2s(BFm#z踧[$:rN}cI~\Oh"ՂK*Ra_nΘxmPgӡ {Qrlf,_z8BӄAǞD /&?H֗i֏%iOh}m]t)[t`77:Pѕ>Z;D|׍nCZj#e:xwމ"15MOpaH^?̣sM6_uX2Ͻ;2 ͤ<;V O ex,5س:ܠ]g9x6m ֶE:,_C 9#@ = ޠ:fP#ܨa7A"=z H%R'~^cT7TPe?Y%2(Pj9YNpx-dH}DTUoׄB_v cOT~wv7@*ԛoiҎ$[$d<QZXp /3#R/IuAn;|4bm0j}U;:|Xpe/C6u p]k7^aJ;%ac⭹8& F.*^ 3^H۴tcx[9HHMa&g t.)RQgTY0[CǙXGĖu$wkQRr{"_^0I` 86>vcCqFʍ|]DijR#i|>б U+y_HFYIθQ1ȅ34fnf@wٰb'c"hs)IбN?'OJR_tV6<~| Gw4|׾a&ym'bh %-{P%[գ4?+.RuSQ|YTȧiTJGJ`5ZT%M (AJ'RVksJDv .?rn&&vs)CYf["# MNBLF!mNDa#$z[96l,xtMh4t*o,I͝ @